<?php
if (isset($_POST["submit"])) {
	$error = "";
	$username = $_POST["username"];
	$password = $_POST["password"];
	$query = "SELECT id FROM admin_users WHERE username = '".$db->escapeString($username)."'";
	$res1 = $db->runQuery($query);
	if (!$db->getRowCount($res1)) {
		$error = "El usuario no existe.";
	} else {
		$row1 = $db->getRow($res1);
		$userId = $row1["id"];
		$query = "SELECT username FROM admin_users WHERE id = '".$userId."' AND password = PASSWORD('".$db->escapeString($password)."')";
		$res2 = $db->runQuery($query);
		if (!$db->getRowCount($res2)) {
			$error = "La contraseña no es correcta.";
		} else {
			$row2 = $db->getRow($res2);
			$username = $row2["username"];
		}
	}
	if (!empty($error)) {
		$content->assign("error", $error);
	} else {
		$_SESSION["adminLoggedUserName"] = $username;
		$url = Utils::generateSEOUrl($lang, "home");
		header("Location: ".$url);
		exit;
	}
}
?>
